| Format strings vuln in CGIwrap
Author : b0f www.b0f.net <firstname.lastname@example.org>
A locally and possibly remotely exploitable format
strings bug exists
in cgiwrap available from
This is CGIWrap - a gateway that allows more secure
user access to
CGI programs on an HTTPd server than is provided by the
itself. The primary function of CGIWrap is to make
any CGI script runs with the permissions of the user
it, and not those of the server.
CGIWrap works with NCSA httpd, Apache, CERN httpd,
and Communications servers, and probably any other Unix
server software that supports CGI.
On line 91 of msgs.c the printf() function is used
in a format strings vulnerability.
void MSG_Error_General(char *message)
MSG_Header("CGIWrap Error", message);
The binaries in cgiwrap, (cgiwrap and nph-cgiwrap) are
Thus could make this format problem exploitable locally
to gain root
possably remotely to gain root or the privs of the user
who owns the cgi
An attacker could exploit this issue to escalate privs
a server running cgiwrap.
This is vulnerable in the latest version of cgiwrap
version 3.7.1 and
older versions(not checked). It would be exploitable on
The vendor has not been contacted about this issue.
b0f (Alan M)